If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below. ** If you are logged in, most ads will not be displayed. **

Netstats (with lotsa Time_wait) --- new to networking

Hi all,

This morning, a web server of mine was being attacked. After i blocked the range of ip that keep trying to establish connection, i got this list of connection below. (but this ip is not the same as the ips that try to flood the system)

i am not sure if i am make any sense. but i hope somebody with similar experience can tell me what is actually going on

Syn Flood Protection on linux
You can turn on syncookies proection for SYN flood attack by adding the following line to /etc/sysctl.conf.
net.ipv4.tcp_syncookies = 1

Some systems can mis-detect a SYN Flood when being scanned for open proxies, as commonly done by IRC servers and services. These are not SYN Floods, merely an automated system designed to check the connecting IP.